Advice from a CISO: Think outside the box to tackle cybersecurity skills crisis

This is a contributed piece by Mike Turner, Chief Operating Officer of Capgemini’s Cybersecurity Global Service Line

The cybersecurity industry is facing a mounting talent crisis. Demand for cybersecurity experts is outstripping supply by 25% and analysts are predicting 1.8 million unfilled positions by 2022. This talent gap is quickly becoming a critical issue for businesses, leaving them dangerously exposed to cybercrime and putting their investments in digital transformation at risk. Innovative thinking is needed to plug the gap.

One of the most exciting options for me is diverse hiring. We live in a vast, multi-cultured world filled with people from different backgrounds and different perspectives yet, all too often; we recruit from a narrow band of personality types. Those that are willing to widen their recruitment net will find genuine talent that is being overlooked by their peers.

For example, there is a growing body of research on the benefits of recruiting neuro-diverse candidates, such as individuals on the autism spectrum. Studies from the National Autistic Society have shown that people with autism are known to be analytical, detail-oriented and to have strong problem solving skills, making them ideal candidates for cybersecurity roles. However, many people with autism struggle to navigate recruitment processes or cope in a traditional office environment.

Given the talent crisis, why are we ignoring these highly skilled people? A few pioneers, such as Microsoft and SAP, are implementing more inclusive approaches to hiring and also creating bespoke roles that play to the strengths of those with autism. However, much more could be done to bring these kinds of people into the workplace. Some simple solutions include giving people the option to work from home, removing line management responsibility from positions or providing autism awareness training to make teams more accommodating.

Another untapped pool of potential is millennials. Unwittingly, many organizations put themselves at a disadvantage with this group by not designing recruitment campaigns to address their needs and the channels they consume content on. According to Capgemini’s research, 82% of Gen Y and Gen Z talent are looking to join organizations that recruit in an innovative way. This means reaching them on the mobile platforms they use every day. Some companies use gamification to attract the brightest talent. L’Oreal for example uses a game called Brandstorm to attract bright undergraduates and the Cyber Security Challenge UK conducts annual gaming competitions to find the next generation of cyber defenders.

Of course, great cybersecurity talent doesn’t have to come from outside the organization. Many companies are in fact sitting on a hotbed of unrecognized or undiscovered skill. Our research found that over a third of employees are anxious that their skills set will become redundant in the next four to five years. This is prompting half of employees to invest their own resources in digital upskilling. So rather than recruiting externally, companies should look inward and scout candidates in fields like network operations or application development, where they can find individuals who already possess knowledge and skills that can be easily adapted for cybersecurity.

Once great candidates are through the door, the next challenge is keeping them. Four out of five employees want to be able to work remotely, so offering a good work/life balance is key. For millennials, a clear career development path is important and 84% want regular feedback and achievable goals.

Elsewhere, another challenge faced by the industry is attracting enough women. Currently only 11% of the cybersecurity workforce are female. Popular culture has fueled the perception of cybersecurity as a masculine industry, with depictions of male, “nerdy” hackers. Offering internships to female students, providing mentors and highlighting the work of senior female cybersecurity specialists is a good place to start changing this perception and bolstering your recruitment pipeline.

The repercussions of a cyber-attack are potentially devastating, from hefty fines, to lower share price and reputational damage. But businesses are struggling with a shortage of cybersecurity talent and the problem is certainly not going away. By adopting innovative recruitment, training, and retention strategies that will appeal to cybersecurity talent, organizations can take an important step in helping protect their companies from the risks of our connected world.